5c05921d49d08e3bdbe2d9e593970397988bd5096d37d19697b1f2ff72670f1a | Triage

Sharing

General

Target

c822d2860b3645bcdf3d52027a3c2810N.exe
Size

296KB
Sample

240802-yj2mwssfke
MD5

c822d2860b3645bcdf3d52027a3c2810
SHA1

79734bb649a19a667e77a19d983fdcbb4af12725
SHA256

5c05921d49d08e3bdbe2d9e593970397988bd5096d37d19697b1f2ff72670f1a
SHA512

793d0927d1d835b83c8e1e475b5e7e439860ad597e0633d792aaa53078c08cf46f943b138d981786e956d7b2669d42019ed0429c92d8984474bfc310b88d28f5
SSDEEP

6144:dXC4vgmhbIxs3NBBUim00pRiyT1CkeBsili68ALZmzP1EUY3GALG:dXCNi9BeiQi9yCi68ALZY9TALG

Score

7^/10

discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  c822d2860b3645bcdf3d52027a3c2810N.exe
- Size
  
  296KB
- MD5
  
  c822d2860b3645bcdf3d52027a3c2810
- SHA1
  
  79734bb649a19a667e77a19d983fdcbb4af12725
- SHA256
  
  5c05921d49d08e3bdbe2d9e593970397988bd5096d37d19697b1f2ff72670f1a
- SHA512
  
  793d0927d1d835b83c8e1e475b5e7e439860ad597e0633d792aaa53078c08cf46f943b138d981786e956d7b2669d42019ed0429c92d8984474bfc310b88d28f5
- SSDEEP
  
  6144:dXC4vgmhbIxs3NBBUim00pRiyT1CkeBsili68ALZmzP1EUY3GALG:dXCNi9BeiQi9yCi68ALZY9TALG
Score

7^/10

discovery persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2

discoverypersistencespywarestealer